PRIVACY POLICY

1. DATA CONTROLLER

The data controller for your personal data is The Baroness, operating from France. You can contact us regarding any data protection questions via the contact form on this website.

If you are located in the EU/EEA and have concerns about our data practices, you also have the right to lodge a complaint with your local supervisory authority (in France: Commission Nationale de l'Informatique et des Libertés — CNIL, www.cnil.fr).

2. DATA WE COLLECT

We collect personal data that you voluntarily provide when submitting our contact form or RSVP form. This includes your name, email address, and any additional information you choose to share (such as number of guests or special requests). We do not collect sensitive personal data beyond what you voluntarily submit, and we do not use tracking technologies or advertising cookies.

3. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal bases: (a) Performance of a contract — to respond to your inquiry or process your event registration; (b) Legitimate interests — to manage our events and communications; (c) Consent — where you have freely given consent, which you may withdraw at any time without affecting prior processing.

4. USE OF YOUR DATA

Your data is used solely to respond to your inquiries, manage event registrations, and communicate with you about events for which you have expressed interest. We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for automated decision-making or profiling.

5. RETENTION PERIOD

We retain your personal data only as long as necessary to fulfill the purpose for which it was collected — generally no longer than 24 months after your last interaction with us. After this period, your data is securely deleted.

6. YOUR RIGHTS UNDER GDPR

You have the right to: access the personal data we hold about you; request correction of inaccurate data; request erasure of your data (the "right to be forgotten"); object to or request restriction of processing; request data portability in a machine-readable format; withdraw consent at any time where processing is based on consent. To exercise any of these rights, please contact us via the contact form. We will respond within 30 days.

7. COOKIES AND TRACKING

This website does not use advertising or tracking cookies. We may use essential technical cookies necessary for the website to function. No personal data is collected through cookies.

8. SECURITY

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Data submitted through our forms is transmitted via encrypted HTTPS connections.